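Bug 41231: SSL: using connection: upgrade leaves plaintext from PHP in reply
Created: 2006-12-21 21:59:00 +0000
Last changed: 2007-11-06 07:03:28 +0000
Classification: Unclassified
Product: Apache httpd-2
Component: mod_ssl
Version: 2.2.3
Platform: PC
OS: Linux
Status: RESOLVED
Resolution: FIXED
Keywords: TryAgain
Priority: P3
Severity: major
Target milestone: ---
Reporter: michael
Assigned to: bugs

Comment 0 (id 97180), michael, 2006-12-21 21:59:47 +0000:
I'm issuing a request: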
GET /index.php HTTP/1.1
Host: localhost
Upgrade: TLS/1.0
Connection: upgrade
And my client crashes because it can't parse the plaintext given back by
index.php (which contains <?php for ($i = 0; $i < 10; $i++) echo "foobar"; ?>).
In strace it's clearly visible:
[pid 16349] recv(8,
"\24\3\1\0\1\1\26\3\1\0000f\212W\335\273\16L\352\357\3054\32\204\311\376
\264a4l\3670\17\303e\224\202\370!\361\271\311\320\360\356\210ZN\255w\314
~\351\377=}\250irfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobar",
2048, 0) = 119
If an OPTION * HTTP/1.1-request is sent before, it correctly switches and
processes the next request.
You can reproduce it by using tlsupgrade.c:
Get http://people.apache.org/~bnicholes/tlsupgrade/tlsupgrade.c
Compile it with gcc -lssl -o tlsupgrade tlsupgrade.c
Run it using: strace -s 2048 ./tlsupgrade http://localhost/index.php
SSLEngine needs to be set to optional for the vhost (on port 80).

Comment 1 (id 97206), michael, 2006-12-23 10:02:47 +0000:
Apparently the APR_BUCKET_IS_EOC is true for some reason, so
ssl_filter_io_shutdown is called and the result is not filtered via SSL
anymore. Before APR_BUCKET_IS_EOC is true, ssl_filter_write (which is called
when APR_BUCKET_IS_EOC is not true) is called two times with NULL as
data-pointer.
I don't know if this is normal behaviour and I'm not very into debugging
Apache, but maybe it gives a hint to the developers.

Comment 2 (id 110268), jorton, 2007-11-06 07:03:28 +0000:
Fixed on trunk: http://svn.apache.org/viewvc?view=rev&revision=592446
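
The recv() buffer in comment 0 decodes as a ChangeCipherSpec record (\24 = type 20), a 48-byte handshake record (\26 = type 22), and then 60 bytes of script output with no TLS framing, which adds up to the 119 bytes reported. The following is an added example, not code from the report or from httpd: it walks a captured buffer as TLS records and reports where framing stops. The function names and the filler ciphertext are constructed here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TLS_HDR_LEN 5
#define TLS_MAX_FRAGMENT (16384 + 2048) /* TLSCiphertext length limit */

/* Walk buf as consecutive TLS records. Returns the offset of the first byte not
 * inside a complete, well-formed record (== len means everything is framed). */
size_t tls_framed_prefix(const unsigned char *buf, size_t len, int *records)
{
    size_t off = 0;
    *records = 0;
    while (len - off >= TLS_HDR_LEN) {
        const unsigned char *h = buf + off;
        size_t frag = ((size_t)h[3] << 8) | h[4];
        if (h[0] < 20 || h[0] > 23 || h[1] != 3)
            break; /* not ccs/alert/handshake/appdata, or not SSL3/TLS1.x */
        if (frag > TLS_MAX_FRAGMENT || frag > len - off - TLS_HDR_LEN)
            break; /* oversized, or record runs past the captured bytes */
        off += TLS_HDR_LEN + frag;
        (*records)++;
    }
    return off;
}

/* Constructed sample laid out like the 119-byte recv() in the report: ccs,
 * 48-byte handshake record (filler, not real ciphertext), cleartext output. */
size_t build_sample(unsigned char *out)
{
    static const unsigned char hdrs[] = { 20, 3, 1, 0, 1, 1,   /* ccs */
                                          22, 3, 1, 0, 48 };   /* handshake */
    size_t n = sizeof hdrs + 48;
    memcpy(out, hdrs, sizeof hdrs);
    memset(out + sizeof hdrs, 0xAA, 48);
    for (int i = 0; i < 10; i++, n += 6)
        memcpy(out + n, "foobar", 6);
    return n;
}

int main(void)
{
    unsigned char buf[256];
    int records;
    size_t len = build_sample(buf), end = tls_framed_prefix(buf, len, &records);
    printf("%d TLS records, %zu of %zu bytes framed, unframed tail: %.*s\n",
           records, end, len, (int)(len - end), (const char *)(buf + end));
    return end < len; /* non-zero exit when bytes follow the TLS framing */
}
```

A non-zero exit means bytes were received after the upgrade that are not inside any TLS record, which is the condition this bug produced.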